PatchSiren cyber security CVE debrief
CVE-2025-0124 Palo Alto Networks CVE debrief
An authenticated file deletion vulnerability in Palo Alto Networks PAN-OS® software affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. An attacker with authenticated access to the management web interface can delete certain files as the 'nobody' user, including limited logs and configuration files. System files are not affected. The vulnerability requires network access to the management interface and high privileges (authenticated administrator). The CVSS v3.1 score of 3.8 reflects the limited scope of impact—integrity and availability are partially affected, with no confidentiality impact. The vulnerability was disclosed in CISA ICS Advisory ICSA-24-338-02 on November 22, 2024, with subsequent updates through June 10, 2025, adding related CVEs and remediation guidance.
- Vendor: Palo Alto Networks
- Product: RUGGEDCOM APE1808
- CVSS: LOW 3.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-22
- Original CVE updated: 2025-06-10
- Advisory published: 2024-11-22
- Advisory updated: 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW in industrial control system environments, particularly those with remote management access enabled. Security teams responsible for network appliance hardening and incident response should prioritize this for patch planning given the log deletion risk to forensic investigations.
Technical summary
The vulnerability exists in Palo Alto Networks PAN-OS® software when deployed as Virtual NGFW on Siemens RUGGEDCOM APE1808 hardware. An authenticated attacker with network access to the management web interface can exploit insufficient authorization controls to delete files owned by the 'nobody' user. The scope is limited to logs and configuration files; system files are explicitly excluded from impact. The attack requires high privileges (administrator authentication) and no user interaction. The vulnerability does not support privilege escalation or code execution. Remediation involves upgrading to PAN-OS 11.1.8 and implementing jump box access controls for management interfaces.
Defensive priority
LOW
Recommended defensive actions
- Restrict management interface access to a dedicated jump box to limit attack surface
- Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 or later; contact Palo Alto Networks customer support for patch availability
- Apply network segmentation to isolate management interfaces from untrusted networks
- Monitor for unauthorized file deletion activity in logs and configuration directories
- Review and validate backup procedures for configuration files given the deletion risk
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF source ICSA-24-338-02, which identifies Siemens RUGGEDCOM APE1808 as the affected product with Palo Alto Networks Virtual NGFW as the vulnerable component. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L is provided in the source remediation data. The advisory revision history confirms CVE-2025-0124 was added in version 1.5 on May 13, 2025.
Official resources
- CVE-2025-0124 CVE record (CVE.org)
- CVE-2025-0124 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-11-22